#dev 2023-10-24

2023-10-24 UTC
# 00:11 
GWG gRegor: Does the ticketing for IndieAuth extension as I tried to rewrite it a bit for clarity make sense? I know I had some comments in that area from angelo and capjamesg and tried to do a little work, more to do though
# 00:12 
gRegor I haven't had a chance to look yet. Soon hopefully.
# 00:13 
GWG gRegor: Up for helping me a bit with clarifying the language and identifying any additional questions, as you do that?
# 00:13 
gRegor Sure, I'll note any questions/suggestions
# 00:13 
GWG Thanks
# 00:13 
GWG gRegor++
# 00:13 
Loqi gRegor has 27 karma in this channel over the last year (74 in all channels)
geoffo joined the channel
# 00:30 
[jacky] Wow the Linux foundation is in that? How the mighty have fallen
# 00:44 
epoch > using positive integers for web versioning memes
# 00:44 
epoch web sqrt(-2)
# 00:46 
epoch what are standards?
# 00:46 
Loqi 🧰 Specifications (or standards) are technical documentation for communicating between two or more implementations in an interoperable way; for the indieweb in particular, standards help reach greater levels of user functionality to publish, express meaning, notify, subscribe, and many other user actions https://indieweb.org/standards
# 00:46 
epoch had to confirm that one xkcd was on there
# 01:10 
aaronpk speaking of standards, CFPB just issued a notice that includes a description of what constitutes a good standards body
# 01:10 
aaronpk https://files.consumerfinance.gov/f/documents/cfpb-1033-nprm-reg-text-with-1001_2023-10.pdf
# 01:10 
aaronpk page 6
[tantek] joined the channel
# 01:21 
[tantek] fascinating
# 01:54 
epoch how meta
alephalpha0, geoffo, gxt, bobcat, [KevinMarks], k, gerben and jjuran joined the channel
# 08:38 
omz13 aaronpk if it helps, consider that the people (or tools) are actors playing rôles; so think persona not person; it is also a draft so some of the text might not be 100% correct
gerben joined the channel
# 09:38 
[tantek] unless we're talking about butlers and personal assistants that you can verbally ask to "take a memo", I'm not sure it's helpful to personify tools into roles like that
# 10:18 
omz13 [tantek] there are various actors (Alice, Bob, Carol, etc) who may be people or tools or tools doing  things like impersonation or on-behalf-of people or other tools. Confusing, perhaps, but rôle-based (and not unknown, q.v. RBAC)
# 10:44 
Zegnat I think the idea is that “Martijn parses Tantek to discover a webmention endpoint” makes less sense than say “Martijn’s blog engine parses the link to Tantek’s website to discover a webmention endpoint.”
# 10:44 
Zegnat Where it makes sense to use people to make examples easier to read, it is often also fine to use example placeholder tech (e.g. blog engine and website).
jjuran, [Ana_R] and rrix joined the channel
# 12:23 
[tantek] Zegnat++ agreed. We should not be conflating people who we are centering in terms of choice & agency, and machines who we are NOT centering that way and the focus is doing precise tasks accurately & predictably.
# 12:23 
Loqi Zegnat has 4 karma in this channel over the last year (10 in all channels)
# 12:23 
[tantek] omz13, "impersonation or on-behalf-of people" sounds like a bad thing like phishing
# 12:24 
[tantek] IMO it's both confusing and in general undesirable and unnecessary. E.g. The OAuth model grants certain "access" to OAuth client apps and nowhere in any explanations of those OAuth flows did they ever have to pretend that a client app was a "person"
# 12:41 
GWG That's why I wanted to focus on the original scope for now before expanding it.
# 12:43 
GWG Although the user stories there could use some tweaking
# 12:44 
epoch at what point do we stop attributing the actions to humans and attribute it to the tools they're using?
# 12:44 
epoch I guess after some amount of automation?
# 12:45 
epoch cuz, if I cut down a tree, I say I'm doing it and not my chainsaw.
# 12:51 
omz13 I am really regretting getting involved in this. Impersonation is a well established concept. Similarly on-behalf-of. Some actions are done by people, Some actions are done by tools.
# 12:51 
omz13 GWG the "single aspect" of the original TicketAuth proposal never made much sense: being diplomatic, it read to me as if half the story was missing. Adding in ticket wanted is the missing element, and that's what I've implemented; mine is not a "different solution" but a complete one because I considered all aspects and solved them together rather than approaching in tranches and hoping it all works out in the end.
rrix and AramZS joined the channel
# 12:56 
epoch might be worth including both versions, so the one that doesn't include example tools can be a slightly higher level description
# 12:56 
epoch bytes are cheap and I always skip paragraphs
# 12:57 
epoch can*
# 12:57 
epoch (looks like I skip words too)
# 13:05 
Zegnat There were a couple different flows too. E.g. autoauth comes to mind, where no user action was required. A bit more like the ticket wanted flow
# 13:05 
Zegnat What is autoauth?
# 13:05 
Loqi AutoAuth is the working title of an extension to IndieAuth that allows clients to authorize to other servers in the name of their user, without the user being present to confirm each individual authorization flow https://indieweb.org/AutoAuth
# 13:06 
[tantek] Now that Omz13 I completely agree with re: "half the story missing" and considering "all the aspects" and solving "then together". Omz13++
# 13:06 
Loqi Omz13 has 2 karma in this channel over the last year (3 in all channels)
# 13:06 
[tantek] "them* together"
# 13:06 
Zegnat I think we are much more interested in implementations and use cases taking form that exactly how the spec gets written up :)
# 13:07 
[tantek] Zegnat I think the key problem / missing piece here has been brief understandable user stories for each right there at the top of their pages
# 13:08 
omz13 Zegnat yes, AutoAuth was, IIRC, an inspiration... except using tickets to achieve something similar
# 13:08 
[tantek] And how they relate
# 13:10 
Zegnat The problem with AutoAuth was probably that sknebel and I did it for an IWC and had a lot of fun implementing. But we have very weak usecases ourselves. So it sorta stopped there.
# 13:13 
[tantek] Maybe we need an IWC session on how to write good use-cases and user stories and update a a bunch of wiki pages accordingly
# 13:14 
omz13 I essentially synthesised TicketAuth with AutoAuth to implement IndieAuth Ticketing
# 13:19 
omz13 I tend to think in terms of first have some use cases, which then tends to thinking about what data needs to be moved around, then how to move that data around, then throw a POC together, update cases/thinking, rinse/repeat, produce a specification based on something that actually works.
# 13:21 
omz13 Use cases don't need to be long or complicated: a title to summarise; a few sentences to briefly explain the needs and result.
# 13:26 
GWG omz13: I think wanting a ticket is out of spec and subverts the idea of the publisher making that decision out of band.
# 13:26 
GWG This would make a great session discussion as well
# 13:30 
GWG I think I see things differently and wouldn't mind a chance to talk this out.
# 13:32 
GWG Some people see not having requesting a ticket as a missing piece, but I don't because the design deliberately originally didn't include it
gerben joined the channel
# 13:45 
GWG Where is a good place to write my thoughts I wonder...longer form
# 13:45 
Zegnat I think you have a blog?
# 13:46 
GWG Zegnat: That is what I'm thinking.
# 13:47 
[tantek] blogpost++
# 13:47 
Loqi blogpost has 1 karma over the last year
[calumryan], [snarfed], rrix and geoffo joined the channel
# 14:14 
omz13 GWG but I am being "subversive" and want things to happen in-band: what is the point of forcing a person to authorize between parties when they have already given those parties authorization? One less thing for the person to do makes the user experience far smoother (especially as there are trust guarantees included)
# 14:15 
GWG omz13: I'm sure we'll end up somewhere on it
rrix, jeremycherfas and geoffo joined the channel
# 15:31 
[tantek] onelessthingforthepersontodo++
# 15:31 
Loqi onelessthingforthepersontodo has 1 karma over the last year
# 15:36 
GWG omz13: I'll post the link to my thoughtful response when I can write it all out and compose my thoughts.
# 15:54 
aaronpk i tried reading the ticketing use cases again omz13 but i'm sorry I can't make it through it trying to jump through all the mental hoops of figuring out which people are impersonating which tools and such
HiMYSYeD joined the channel
# 16:44 
[schmarty] aaronpk: i am gonna look at doing a pass on https://indieweb.org/Microsub-spec#Indicating_Item_Source_Proposal for Aperture. `timeline` responses already include a `_source` that is only a string (the `_id`). i'll make it an object with `_id`, `url`, and `name` - i don't think Aperture has a handle on source per photo right now. any concerns so far?
geoffo joined the channel
# 16:50 
aaronpk it's been a while since i've touched any of that code, not sure i can follow the context right now
# 16:55 
[schmarty] all good, thanks! i'll see where i get and maybe send a PR.
[alanmoo], [chrisaldrich], [0x3b0b], gerben, [aciccarello], Fisher2445995, [jeremycherfas], geoffo, gxt, [jamietanna], jeremycherfas and DocMcFly joined the channel